Botnets on IoT devices: The rise of thingbots in the Philippines

Botnets on IoT devices: The rise of thingbots in the Philippines

Thingbots, botnets built exclusively from Internet of Things (IoT) devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report, “Threat Analysis: The Hunt for IoT – the Rise of Thingbots,” which continues to track Telnet activity, and the progressions of Mirai, as well as Persirai, a new thingbot.

According to IoT Agenda of techtarget.com, “IoT is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. A thingbot is something with an embedded system and an Internet connection that has been coopted by a hacker to become part of a botnet of networked things.”

The F5 Network report exposes how IoT devices have been, and will continue to be one of the most highly exploitable tools in the arsenals of cyber attackers.

Internet of Things devices connect the world around us and power our lives, but make us more vulnerable to being hacked

The Department of Information Communication Technology, a government bureau established in 2016 to help police the Philippine internet, launched the National Cybersecurity Plan 2022 early this year.

Countries where top 50 IP addresses reside
Persirai-infected IP cameras and Command & Control servers, Asia, June 2017

As shown in the map above, cybersecurity will continue to remain a key concern in today’s ever connected world, driven by the rise of IoT.

Hackers find new ways to leverage unprotected devices to launch cyber attacks. The reality remains – our world of unsecured devices is the new playground for hackers; and according to F5 Networks’ latest report, this is not going to change (until IoT manufacturers are forced to secure these devices), as IoT devices are becoming the “cyberweapon delivery system of choice” by today’s botnet-building attackers.

Historical view of IoT attack growth by quarter, January 2016 through June 2017

Some of the key insights:
• IoT attacks rose by 280%, attributed to the Mirai malware and its subsequent attacks (Image above)
• China, previously the top source country from which attacking activity originated, has dropped off significantly, contributing less than 1% to the total attack volume
• Spain has taken over as the leader in attacks, with 83% of attacks launched from a hosting provider network based there
• Hackers are building thingbots based on specific disclosed vulnerabilities in IoT devices, rather than having to find new exploits

Top 50 most attacked admin username and password combinations; 94% of respondents admit to using the same passwords as their usernames for logins

What does this mean for enterprises?
• Have a DDoS strategy ready at hand
• Ensure redundancy for critical services, and that they are prepared for downstream impact
• Implement credential stuffing solutions
• Train employees on the threat and vulnerability of IoT devices – the more aware they are of these threats, the less likely they are to become affected by the attacks

Threat Analysis: The Hunt for IoT  – the Rise of Thingbots is the third volume of F5 Networks’s IoT reports, following the second volume Threat Analysis Report: The Hunt for IoT. To find out more on the subject, the full report is available here with further detail on global and market trends.

F5 makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com. You can also follow @F5NetworksAPJ on Twitter, LinkedIn and Facebook.

Leave a Reply

Your email address will not be published. Required fields are marked *